A week ago I was in Annapolis to testify on behalf of a simple bill that’s so good it’s already helped me — and it’s not even a law yet. That’s because “even” people like myself, Mr. So-Called Privacy Advocate, need to be reminded to protect our privacy, and need a clear path to doing so.

===

All Delegate Bonnie Cullison’s HB1219 bill does is insist that consumers of financial institutions — which can include not just banks, but insurance companies, check cashing companies, even car dealers — must be informed in prominent, legible, 12 point font type near the top of all billing or account statements that (1) their nonpublic personal financial information can be shared with affiliates or 3d parties unless (2) they avail themselves of their right to opt out of that by (3) following equally prominent directions.

As Delegate Cullison acknowledged in her own testimony, the requirement to inform consumers that they can opt out of data sharing arrangements isn’t new. What’s new is making sure consumers actually get the message — one that’s typically buried at the bottom of the page in boring, innocuous fine print designed more to give a sense of, well, boring innocuous fine print, than of something that actually matters to you. As I put it in my testimony,

In a perfect privacy world, consumers would “opt in” to let financial institutions share their nonpublic data. But meanwhile, leading privacy advocates like the Privacy Rights Clearinghouse and the Electronic Privacy Information Center are clear that “opting out” of sharing such data is an important strategy in avoiding identity theft,(3) and that requirements to make that plainer to consumers would be an important improvement on the Gramm-Leach-Bliley Act governing this issue at the federal level.(4)

The fewer places your data are stored, the less chance of your data falling into the wrong hands. Delegate Cullison’s bill will help more consumers know that’s their decision to make.

I focused my own testimony on how the bill would help fight the plague of “identity theft,” where criminals use your private information as a way of gaining access to your money. But consumers run other risks as well:

Similarly, this bill also helps consumers reduce opportunities for unwarranted — and I use the term advisedly — privacy intrusions of other kinds. These range from unwanted but eerily well-informed solicitations to government surveillance — it’s an unfortunate fact that some federal departments and agencies buy data from so-called “data aggregator” companies for data mining purposes and aren’t held to Fourth Amendment standards in doing so.(5)

===

Two days later, I finally got around to thinking dully, “Hm. What about *my* nonpublic financial data?”

And lo and behold, when I dug up one of my emails from (shall we say) FinancialInstitution.com, there it was: a boring, innocuous “Privacy Policy” link way at the bottom of the email that I (ahem) usually ignore. And buried way at the bottom of thatpage was “Manage your marketing and information-sharing privacy choices.” And halfway down step 3 of that process, I read “I want [FinancialInstitution] to stop sharing any Customer Information about the following accounts with any third parties.” So I entered my debit card number — and it worked. Somewhat to my chagrin; what took me so long?

So thank you, Delegate Cullison, for reminding at least one Marylander to get his privacy act together… at least after testifying about it in Annapolis. This bill happens to be about mailed communications, but the data you forget not to share can wind up anywhere. As security and privacy expert Bruce Schneier warns, “the Internet is a surveillance state” — in part because of the sheer ubiquity of available data:

Governments are happy to use the data corporations collect — occasionally demanding that they collect more and save it longer — to spy on us. And corporations are happy to buy data from governments. Together the powerful spy on the powerless, and they’re not going to give up their positions of power, despite what the people want.

I choose not to share Schneier’s pessimism about our ability to rein in unwarranted surveillance and privacy intrusions — government, corporate, or otherwise. So I hope you’ll let your Maryland Delegates and Senators know that you support Delegate Cullison’s bill.